Ben Craig created THRIFT-1687:
---------------------------------

             Summary: Use Microsoft SafeInt (or reasonable alternative) to protect against integer arithmetic attacks
                 Key: THRIFT-1687
                 URL: https://issues.apache.org/jira/browse/THRIFT-1687
             Project: Thrift
          Issue Type: Improvement
          Components: C++ - Library
    Affects Versions: 0.8, 0.9
         Environment: This is a concern on all OSes. Microsoft SafeInt works on the major desktop OSes.
            Reporter: Ben Craig

There are a lot of scary casts and integer truncations in the C++ Thrift library. Microsoft has a template class that will throw an exception when any kind of integer overflow has happened ( http://safeint.codeplex.com/ ). SafeInt is released under the Microsoft Public License, which ASF has deemed suitable as a dependency for Apache products ( http://www.apache.org/legal/resolved.html#category-a ).
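
An added illustration of the failure class the issue describes, not code from the issue, from Thrift, or from SafeInt: a size computation on a signed 32-bit count read from the wire, first with a plain cast and then with conversions and arithmetic that throw. All names (checked_cast, checked_mul, checked_add, unchecked_bytes, checked_bytes, rejects, kHeader) and the sample values are hypothetical.

```cpp
#include <cstdint>
#include <limits>
#include <stdexcept>
#include <type_traits>

// Hypothetical helper (not SafeInt's API): integer conversion that throws
// instead of silently truncating or flipping sign.
template <typename To, typename From>
To checked_cast(From v) {
  static_assert(std::is_integral<To>::value && std::is_integral<From>::value,
                "integer types only");
  const To r = static_cast<To>(v);
  // The value must survive the round trip and keep its sign.
  if (static_cast<From>(r) != v || ((v < From(0)) != (r < To(0))))
    throw std::range_error("integer conversion loses information");
  return r;
}

uint32_t checked_mul(uint32_t a, uint32_t b) {
  if (b != 0 && a > std::numeric_limits<uint32_t>::max() / b)
    throw std::overflow_error("multiplication overflows");
  return a * b;
}

uint32_t checked_add(uint32_t a, uint32_t b) {
  if (a > std::numeric_limits<uint32_t>::max() - b)
    throw std::overflow_error("addition overflows");
  return a + b;
}

const uint32_t kHeader = 8;  // constructed header size in bytes

// Unchecked: a negative or very large count wraps to a small byte total.
uint32_t unchecked_bytes(int32_t wire_count, uint32_t elem_size) {
  return static_cast<uint32_t>(wire_count) * elem_size + kHeader;
}

// Checked: the same arithmetic, but every lossy step throws.
uint32_t checked_bytes(int32_t wire_count, uint32_t elem_size) {
  const uint32_t count = checked_cast<uint32_t>(wire_count);
  return checked_add(checked_mul(count, elem_size), kHeader);
}

// True when checked_bytes refuses the input.
bool rejects(int32_t wire_count, uint32_t elem_size) {
  try { checked_bytes(wire_count, elem_size); return false; }
  catch (const std::runtime_error&) { return true; }
}
```

With a count of -1 and 4-byte elements the unchecked version reports 4 bytes, while the checked version throws before any buffer would be sized from that result.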